CVE-2012-5356 Information

Description

The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3 0.80.x before 0.80.9.2 0.81.x before 0.81.13.5 0.82.x before 0.82.7.3 and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.

Reference

http://www.securityfocus.com/bid/55736 http://www.ubuntu.com/usn/USN-1588-1 https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643 https://exchange.xforce.ibmcloud.com/vulnerabilities/78990